/**
 * Copyright 2018-2020 stylefeng & fengshuonan (https://gitee.com/stylefeng)
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.circle.rest.core.aop;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.circle.rest.core.common.enums.CommonStatus;
import com.circle.rest.core.exception.ServiceException;
import com.circle.rest.core.jwt.JwtUtil;
import com.circle.rest.core.util.ToolUtil;
import com.circle.rest.modular.sys.model.User;
import com.circle.rest.modular.sys.service.IRelationService;
import com.circle.rest.modular.sys.service.IUserService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;

/**
 * 权限检查的aop
 *
 * @author fengshuonan
 * @date 2017-07-13 21:05
 */
@Aspect
@Component
@Order(200)
public class PermissionAdvice {

    @Autowired
    private IRelationService relationService;

    @Autowired
    private IUserService userService;

    @Pointcut(value = "@annotation(com.circle.rest.core.aop.Permission)")
    private void cutPermission() {

    }

    @Around("cutPermission()")
    public Object doPermission(ProceedingJoinPoint point) throws Throwable {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        String url = request.getRequestURI();
        // 获取当前的用户
        User currentUser = JwtUtil.getUser(request);
        QueryWrapper<User> wrapper = new QueryWrapper<>();
        wrapper.eq("id", currentUser.getId());
        User user = userService.getOne(wrapper);

        if (user == null) {
            throw new ServiceException("Token解析异常，请重新登录");
        }
        if (user.getStatus() == CommonStatus.FREEZED.getCode()) {
            throw new ServiceException("账户被冻结，暂时不能访问");
        }

        //超级管理员跳过权限判断
        if (user.getLoginName().equals("admin")) {
            return point.proceed();
        }

        String roleid = user.getRoleid();
        if (ToolUtil.isEmpty(roleid)) {
            throw new ServiceException("无权限访问");
        }
        //检查角色权限
        boolean permission = relationService.checkPermission(roleid, url);
        if (permission) {
            return point.proceed();
        } else {
            throw new ServiceException("无权限访问");
        }

    }

}
